sentinel Block in Agent Configuration

Placement	`sentinel`

This page provides reference information for configuring the Sentinel policy engine in the sentinel block of a Nomad agent configuration. Configure the path to the plugin that Nomad uses to import Sentinel policies and specify arguments to pass to that plugin on startup.

Enterprise

This feature requires Nomad Enterprise(opens in new tab).

sentinel {
    import "custom-plugin" {
        path = "/usr/bin/sentinel-custom-plugin"
        args = ["-verbose", "foo"]
    }

    additional_enabled_modules = ["http"]
}

`sentinel` Parameters

import (Import: nil) - Specifies a plugin that should be made available for importing by Sentinel policies. The name of the import matches the name that can be imported.
additional_enabled_modules (array<string>: []) - Specifies a list of additional standard imports (modules) to allow in policies. Nomad currently enables all of Sentinel's standard imports except the "http" import, which has performance and security implications. Setting this field to ["http"] enables the "http" module in addition to the standard imports. In the future, if any new Sentinel imports are not automatically enabled by nomad, you can enable them in this field. Refer to Using the http import in Sentinel policies for recommendations on safe use of this import.

`import` Parameters

path (string: "") - Specifies the path to the import plugin. Must be executable by Nomad.
args (array<string>: []) - Specifies arguments to pass to the plugin when starting it.

Resources

Refer to these resources for details on using Sentinel policies with Nomad:

sentinel Block in Agent Configuration

sentinel Parameters

import Parameters

Resources

`sentinel` Parameters

`import` Parameters